[survirtual]

I like the downvotes here for stating a fact.

The current CA system is horrendous in its centralization. It is completely possible to make a new mechanism using hashed-addresses and using traffic + user choice as the allocation mechanism for namespaces.

Instead of namespaces being fought for financially, users assign namespaces to site addresses (hashes) which represent a pub key of a keypair and identity of a server. The namespaces, say “search” is then assigned to the address hash with the most users by default. If a user likes a different one, they link the “search” namespace to a different hash and that counts as a vote for that location being the default.

This can be done using just traffic as an indicator for the defaults, in the event unique humanness cannot be established properly for an identity.

One summary of a frictionless scheme without central control that circumvents just about every shortcoming of the current system, and has all three properties.

There are other schemes, btw.

Also, in the event it isn’t clear: tls comes natively to this scheme because the addresses are pub keys. There can’t be a mitm for this scheme unless they have the priv key, or find a way to direct traffic through them and acquire a majority stake for a namespace and phish the original site. Whoever has the priv key controls the properties of the address hash, which is where all the records go.

This would make the internet significantly more democratic and less prone to bad actors. It would eliminate domain name squatting completely, and would enable new technologies which more closely match a namespace than old ones to have a chance, promoting innovation and meaningful competition.

[mhio]

So one day, the "search" default moves to the most popular and everything breaks? based on the amount of traffic generated for the other "search"?

Do you have more detailed write ups of that or the alternate schemes, at first take that sounds horribly flawed.

[survirtual]

“Everything” wouldn’t break; the most popular address is the one that gets the name. It means businesses and admins would need to put in the work to have a good product instead of getting lucky / having a ton of money to grab a name. Most likely, once a popular name is defaulted it will never change since this system has a “snowball” effect, but if a ground-breaking innovation occurs, then it would have a chance of taking the name.

Anyone that manually sets a name to an address is unaffected by the default setting. Only people that haven’t overridden the default are impacted. Most people would likely not even participate in this mechanism of “voting”, so it would be a smaller group that I assume is more involved that directs defaults.

Nothing is perfect but I think this would have significantly better results for humanity as a whole once it is matured than the current system.

Additional note: For anything programmatic / apis / etc, the address hash can just be utilized to connect systems. The address hash is not an IP address. It is a record set that can only be modified using signed messages, where the latest signed message determines what is in the record — this is where a record for, say, another IP can exist. Or a record to another address hash, etc. This record set could operate basically the same as current records for domains.

[mhio]

The default is kind of like using top result of a search as the owner then? But I guess you want to count the number of real people who "favourite" a name > hash mapping.

You would need a consistent "easy" name as well at some point though, like a bank for example, can't use a name that could one day change for people who haven't bothered to default it.

Another issue might be names for the smaller, but very long tail of the internet, which would be open for abuse. For example a name could come and go with a social media post that gains traction, which would far outweigh the regular traffic for a name.

[ameliaquining]

How exactly do you make the addresses meaningful to humans if they're public keys?

[survirtual]

I explained that in the post. Namespaces / domain names / whatever you want to call them are set by individual users. The act of setting a namespace, ie binding “search” to whatever google’s hash is for example, contributes a “vote” to make that the default address for “search”.

Traffic can also contribute towards the count, either method would eventually settle on accurately capturing the will of people, but I would have to think about the mechanism for measuring traffic in a statistically accurate / honest way with a federated system.

[ameliaquining]

The thing being described here isn't really an address system. The point of addresses is that they're supposed to be stable; I want to know that I can go to google.com and know that the thing on the other end is controlled by Google and not some other entity. This is a lot more important than being able to look up "search" and know that the thing on the other end was chosen democratically rather than auctioned off. If the thing I want is to connect to one particular entity, then under this system the only way I can do that with confidence is by getting their public key out of band, which is deeply inconvenient and the whole problem that domain names were invented to solve.

Registry operators can also hijack domain names, of course, but they have an economic incentive not to do that (except in cases like malware C&C domains that don't affect legitimate users), because their job is to ensure that the whole system of stable addresses keeps working, and failing to do that would undermine confidence in the whole thing. A public vote doesn't have that incentive alignment; anyone who bothers to explicitly configure their system in this way, is fairly likely to be someone who'd join a campaign to hijack a name for the lulz or to make a political statement, at the expense of usability for regular users.

It's true that if you have human-meaningful domain names, then some of them will be more desirable than others, and anyone who can get a good one, or who can distribute good ones to those who want them, is thereby in a position to collect a certain amount of economic rent. Which isn't ideal. But this is all a second-order consideration at best; it's a side effect of the goal of stable addresses, which is the important part.

[survirtual]

It is highly unlikely that an entity like Google would not have control of the Google namespace with the scheme I am talking about, as it is clear what google is referred to as and this mechanism would eventually “settle” on the most correct names for each entity.

But if you don’t care about the entity and are talking generic names, like “search” or “market” it allows for a novel way of applying the namespace to the “best” one in a moment, without relying on a central party like an app store to tell us.

It also introduces a self-governance, eliminates stale squatting, gives better tech a chance, and eliminates the ability for authoritarian and bureaucratic entities from controlling namespaces. Who is ICANN really accountable to? If someone makes a site that is disruptive to the “national security” of powerful governments, by being more democratic and representative but stripping away their / corporate power, do you think the current system would just allow it to live?

We need new technologies that can handle fighting against the tyranny of small, unelected boards who subtly influence all of us in seemingly innocuous ways. The way we fight against it is by architecting implicitly democratic systems, bypassing these parasitic middlemen and replacing all of them with mathematically sound code.

There are some tradeoffs. We could go back and forth through this concept and discover a new weakness in the convenience, mainly for business. One might say “well, what about addressability for emails or federated identities” and, one by one, with some thought, these things could be resolved. But the core of the solution eliminates entire classes of putrid rot in the existing mechanism.

The rot I speak of is mostly unseen by people. It stifles innovation with stagnation, where squatters and “I got here first” eliminate the possibilities. This makes those possibilities completely hidden and stifled. Entrenched forces have no reason to innovate or progress. They are rewarded merely for existing, without any forces capable of opposing them without also being entrenched, or begging another entrenched force to aid them.

I can go on and on about the topic, but coming back to “globally stable addresses,” I think that this mechanism can be likened to an iterative / numerical method which, when given time, settles on the correct answer. Once a domain has settled, it would experience stability. And perhaps, when taken in conjunction with the existing system I’d want to see this mechanism replace, we already have “stable” names that come at cost. It isn’t like that would immediately go away. Every technology I talk about is voluntary, at a fundamental level no one should be coerced, whether by force or by implicit means, to use something.

[Dylan16807]

You're punting the problem. You can't securely and objectively measure users and traffic.

[survirtual]

You can measure users if users also have an identity bound to a key pair, with a mechanism to have attestations to their identity. In other words, the role of a CA shifts to making attestations that a pub key belongs to a unique individual. With that modification, it becomes possible to use their signature towards voting on which namespace operates as a default binding for an address hash.

This mechanism is very feasible when connected to a larger system involving federated identities, and a trust matrix where users decide which authorities they accept for identity validation (or any other attestation). Binding a physical identity to a digital one has a significant number of additional benefits, and it can be done such that anonymity is preserved via sub identities with verified claims.

[Dylan16807]

Now you're farming out to another "larger system" to ensure that the keys are real people.

How does that system ensure things, and why can't that system do domains directly?

> a trust matrix where users decide which authorities they accept for identity validation (or any other attestation)

So if I tell someone my "domain name" I won't know what site they'll actually get because it's calculated per person?

[survirtual]

No one should have ownership of a word. That is an individual choice that should move fluidly with the populace.

With this scheme, there are many ways to enable a stable endpoint that can be shared. But at the base, the addition of a hashed keypair address is introduced which is connected to a recordset controlled by a signed message.

With that, there are a lot of possibilities. Just sharing one of them. While I could outline every little detail, that would be better served in a different format and in the future.

There are going to be a lot of mental shifts required in many different ways. Maybe it will take a generation before those shifts are appropriately executed, I don’t know.

[Dylan16807]

> No one should have ownership of a word. That is an individual choice that should move fluidly with the populace.

The ability to reallocate at some point is fine, but if I'm speaking an address to someone I need to be sure it only goes one place right now and in the near future.

[survirtual]

Then I would say someone needs to make the best “thing” that entrenches their “thing” to a name. For the most desirable names, that would be the only way to maintain stability; constant innovation making something synonymous with the name.

This concept can be extended to support more stable namespaces. It just requires a little thinking. Could be as simple as a numeric queue for a name, like say you want the “search” name. You are the first to associate with it. You might have the permanent address “search.one”. Someone else wants to associate with it. They get “search.two”. This goes on and a million people want it. The millionth gets “search.million”.

These sorts of details have meaning but are irrelevant to the core problems what I’m talking about solves, and the core problems that need fixing: the CA system is inefficient, archaic, and tyrannical. They can be, technologically speaking, easily replaced with far more secure, purposeful, and democratic technological, autonomous systems.